At least this seems fine even though the key was registered 2018-02-19 and thus is quite new. Anyone could have provided the binaries and anyone could have registered the key under the name “peter bushnell”.

Is it so hard to put also the signatures as well as the key-ID on the download page?

exactly! This is is what I am complaining about. It would be much better to list or link the gpg public keys prominently at www.feathercoin.com. As well as the forum ID of the person to whom the keys belong.

It’s like: “Hey guys, even if I cannot fully proof, that the correct person has built the binaries but here is the link to the gpg public keys. If I am a hacker then I must have hacked the feathercoin main page, the github repository as well as the corresponding forum account. This is very very unlikely.”

Last but not least, each coin project “hides” the signatures and keys differently. And it is often some work to get the needed information. If google is necessary to find this information, then it is too hard for the average person to verify the binaries.

And if someone uses an unverified and altered binary and loses real money, then this is bad publicity for feathercoin. (Showing that “There is no such thing as bad publicity” is not always true!)